Predictive Machine Learning

File

After detecting an unknown or low-prevalence file, the Security Agent scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.

If a functional Internet connection is unavailable, Predictive Machine Learning automatically switches to the local model to provide constant unknown threat protection against portable executable file threats.

Depending on how you configure Predictive Machine Learning, the Security Agent can attempt to Quarantine the affected file to prevent the threat from continuing to spread across your network.

Process

After detecting an unknown or low-prevalence process, the Security Agent monitors the process using the Contextual Intelligence Engine, and sends the behavioral report to the Predictive Machine Learning engine. Through use of behavioral malware modeling, Predictive Machine Learning compares the process behavior to the model, assigns a probability score, and determines the probable malware type the process is executing.

Process detection also monitors script execution. If the Contextual Intelligence Engine detects the execution of a suspicious script, Predictive Machine Learning takes the configured action.

Predictive Machine Learning performs script blocking on the following types of scripts:

Depending on how you configure Predictive Machine Learning, the Security Agent can Terminate the affected process or script and attempt to clean the file that executed the process or script.